Polymarket Breach Reaches $3.1 Million: Refunds Promised as Federal Probe Looms
Polymarket's recent hack has been revised to $3.1 million after attackers drained 11 user wallets of PUSD tokens and bridged the funds to Ethereum. The platform has promised full refunds while facing both repeated security breaches and a reported federal investigation.
A cyberattack targeting prediction markets platform Polymarket has been revised upward to approximately $3.1 million, according to updated figures released by blockchain intelligence firm AMLBot. The company confirmed that hackers successfully drained funds from 11 separate user wallets, stealing assets held in Polymarket's native PUSD token before quickly moving them off the Polygon network and onto Ethereum.
AMLBot shared the updated figures via X on Saturday, noting that the cross-chain transfer appeared to be a deliberate attempt to obscure the trail of stolen funds. The firm stated it is continuing to monitor affected accounts on the platform. As of Saturday morning in the United States, Polymarket had not responded to media inquiries regarding the incident.
The attack was first disclosed publicly on Thursday, when Polymarket acknowledged that a third-party vendor had been compromised. According to the platform, the breach allowed bad actors to inject a malicious script directly into Polymarket's frontend interface, affecting a subset of users. The company stated it had identified and removed the compromised dependency, and pledged to reimburse all affected PUSD holders in full. "We're contacting impacted users and refunding them in full," the platform wrote in a post on X.
Blockchain security firm PeckShield was among the first to flag the incident, reporting on Thursday that a coordinated phishing campaign had been launched against Polymarket users. Initial estimates from PeckShield placed the total stolen amount at roughly 1,893 ETH. Meanwhile, a separate blockchain analytics platform, Specter Analyst, also raised the alarm on Thursday, estimating losses at around $2.94 million at that point in time.
At least one victim publicly shared details of the attack. A user identified as Ash posted on X that his wallet had been emptied without any apparent explanation, and included both his own wallet address and the suspected attacker's address in the post.
This latest incident is not an isolated event for Polymarket. The platform has experienced a string of security-related issues in recent months. Back in March, on-chain investigator ZachXBT flagged a suspected breach involving over $520,000 drained from two smart contracts on Polygon, though Polymarket subsequently claimed the funds were secure. Prior to that, in December, the platform confirmed a security incident stemming from a compromised third-party login provider, following user reports of missing funds and unauthorized account access.
The timing of this latest attack adds further pressure to Polymarket, which is reportedly facing a federal investigation. According to a report published by The Wall Street Journal, U.S. authorities are examining the prediction platform in connection with allegedly false or deceptive marketing practices, particularly related to social media promotions in which users highlighted their winnings. The combination of recurring security failures and regulatory scrutiny raises serious questions about the platform's operational and compliance infrastructure going forward.
